I am encrypying my .NET config file using this command and it works just fine:
aspnet_regiis -pe "connectionStrings" -app "/SampleApplication"
For this to work though I have to have a virtual directory called SampleApplication pointing to the folder my web.config file is under.
Is there a way to just specify the path to the file and not have to have a virtual dir?
I tried with
aspnet_regiis -pe "connectionStrings" -location "c:\FoldercontainingWebConfigFile"
but i get the error: " path attribute must be a relative virtual path". And cannot contain any of ":" "\" etc...
I am looking here:
http://msdn.microsoft.com/en-us/library/k6h9cz8h%28v=vs.80%29.aspx
Is there any way to do this?
I got it with!
-pef "sectionName" "full path to directory containing web.config file"
Have a look at this tool - it loads all your IIS sites and vdirs, and lets you pick the file (and section) you want to encrypt/decrypt.
Related
I just learned the command to encrypt a connection string in my Web.config file.
aspnet_regiis -pe "connectionStrings" "/MyApp"
This command does encrypt Web.config. However, In my app I have a Web.config file for several environments: Web.test.config, Web.production.config, etc. Is it possible to specify which env/config file to encrypt? I tried:
aspnet_regiis -pe "connectionStrings" "/MyApp/Web.test.config"
But this did not work.
Don't use web.XXX.config because it has to be stored in your source code. You should be using environment variables (which you can still access via your existing code that reads web.config).
The environment variables can be defined on the server directly and this bypasses your problem, e.g. the production server has different connection string than UAT.
I have a C# Web API Elastic Beanstalk app which needs a folder outside the deployment directory that the IUSER and IIS_USERS users can write to. I've created a .config file and put this in the top level .ebextensions folder in my project. The contents are below:
commands:
0_mkdir:
command: mkdir C:\\AppFolder\\
1_set_iuser_permissions:
command: cacls C:\\AppFolder\\ /t /e /g IUser:f IIS_Users:f
However while the folder is created successfully the permissions aren't set. If anyone has any idea what I am doing wrong I would be hugely grateful. Big thanks in advance.
In the end I switched to using Json instead of YAML as, despite my YAML being validated by several online YAML testers, AWS still wouldn't accept it. It always had issues with the parameters passed to icacls. I also changed to a folder within the application App_Data folder as setting permissions on any directory external to the application didn't appear to work. So, my final configuration file is as follows:
{
"container_commands": {
"01": {
"command": "icacls \"C:/inetpub/wwwroot/AppName_deploy/App_Data/AppFolder\" /grant DefaultAppPool:(OI)(CI)F"
}
}
}
Hope this helps someone else out.
It looks like you are using invalid .net accounts (unless these are custom accounts you created). That is part of the reason why your permissions are not being set. They should be IUSR or IIS_IUSRS
Furthermore, container_commands executes after your app/server environment has been setup, but before your deployment has started. There is no other way to set permissions on files/folders within your deployment directory other than using a wpp.targets file within visual studio.
The following SO post is a good read using wpp.targets to solve your issue.
Can Web Deploy's setAcl provider be used on a sub-directory?
Place a file 01_fix_permissions.config inside .ebextensions folder.
contents:
files:
"/opt/elasticbeanstalk/hooks/appdeploy/pre/49_change_permissions.sh":
mode: "000755"
owner: root
group: root
content: |
#!/usr/bin/env bash
sudo chown -R ec2-user:ec2-user tmp/
I have created a webservice which also has a client (console app). This client is placed on a mapped drive. Calling the service results in an error with the log4net dll. The error is a ThrowSecurityException and the message it has is something like this (I only have the German text, so I have to translate): The assembly only allows callers which are fully trustworthy.
The dll is in the same directory as the client exe file. I tested on a normal drive and it works fine. Ideas here?
try to give the dll read permission to everyone http://technet.microsoft.com/en-us/library/bb727008.aspx
you might need to do it from the original location.
try to change the securityPolicy section in your config file to this:
<system.web>
<securityPolicy>
<trustLevel name="Minimal" policyFile="web_minimaltrust.config"/>
</securityPolicy>
</system.web>
you can read about it here: http://msdn.microsoft.com/en-us/library/wyts434y.aspx
You need to assign FullTrust to the network drive (it has LocalIntranet by default). I think this should be similar as for a network share. See Using CasPol to Fully Trust a Share.
Edit:
Or try something like this:
caspol -q -machine -addgroup 1 -url file://X:/* FullTrust -name "X Drive"
(replace X with your mapped drive letter)
The connection string setting is below:
Name:
dbPersonConnectionString
Type:
Connection string
Scope:
Application
Value:
Data Source=|DataDirectory|\dbPerson.sdf
When I install & run the application, it looks for DB in C:\MyApp\Data\ folder. It should be C:\MyApp without additional \Data folder.
Should I simply create Data folder in my project and move DB files under that folder or I simply adjust |DataDirectory| -and how-?
EDIT:
string executable = System.Reflection.Assembly.GetExecutingAssembly().Location;
string path = (System.IO.Path.GetDirectoryName(executable));
AppDomain.CurrentDomain.SetData("DataDirectory",path);
This has been asked before. This MSDN post gives a good overview.
It should indeed default to your binaries folder, you can change it with AppDomain.SetData() . If you change it, better do it early.
AppDomain.CurrentDomain.SetData("DataDirectory", Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location));
This should work always because Directory.GetCurrentDirectory() may return other directory than the executable one
This one solved my problem
AppDomain.CurrentDomain.SetData("DataDirectory", Directory.GetCurrentDirectory());
I see several others have posted this question, however, none of the solutions I've tried have fixed this yet. I have a 32-bit XP running VS 2008 and I am trying to encrypt my connection string in my web.config file.
But I am getting the error:
The configuration section '...' was not found. Failed!
The command I give it:
C:\Program Files\Microsoft Visual Studio 9.0\VC>Aspnet_regiis.exe -pe "system.we
b/AdventureWorksConnectionString2" -app "/Documents and Settings/Admin/My Docume
nts/Visual Studio 2008/Projects/AddFileToSQL2"
Also, how does -app map virtual directory? In other words the path above is the directory right below c:. Is this the correct path to use? And AddFileToSQL2 is the name of my project, although it is part of the AddFileToSQL solution.
I have this folder web shared with all of the permissions.
And the relevant part of my web.config file:
<add name="AdventureWorksConnectionString2" connectionString="Data Source=SIDEKICK;Initial Catalog=AdventureWorks;Persist Security Info=true; User ID=AdventureWorks;Password=sqlMagic"
providerName="System.Data.SqlClient" />
With DPAPI, you can only encrypt whole sections as far as I know. Thus, you cannot encrypt just your one connection string but the entire connectionStrings section. Second the -app refers to the virtual path to the application on your IIS server in which it should find the given section and config file. Thus, if your site look like this:
root
/appFoo
And you wanted to encrypt the connection strings in /appFoo you would do
aspnet_regiis -pe "connectionStrings" -app "/appFoo"
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI